>>We are considering releasing a security update for OpenERP to prevent
>>exploiting the vulnerability even on unpatched PostgreSQL versions.

Has a decision been made about this yet? Will OpenERP be releasing a security update? Or is the recommended course of action to update PostgreSQL?

Ray.

-----Original Message-----
From: openerp-community-bounces+rcarnes=ursainfosystems....@lists.launchpad.net [mailto:openerp-community-bounces+rcarnes=ursainfosystems.com@lists.launchpad.net] On Behalf Of Olivier Dony
Sent: Thursday, April 04, 2013 8:32 AM
To: Marco Dieckhoff
Cc: [email protected]
Subject: Re: [Openerp-community] Major security patch for all versions of PostgreSQL

On 04/04/2013 04:53 PM, Marco Dieckhoff wrote:
> On 04.04.2013 16:40, Brendan Clune wrote:
>> Something which affects us all...
>>
>> http://www.postgresql.org/about/news/1456/
>>
>
> Sadly, it looks like neither Ubuntu 12.04 (Server, LTS) nor Debian
> Wheezy/Sid has a version newer than the ones mentioned above... Or my
> mirrors don't have them yet.

The Ubuntu repositories have now been updated so PostgreSQL 9.1.9 is available for all users of Ubuntu 11.10, 12.04 and 12.10: http://www.ubuntu.com/usn/usn-1789-1/

The serious vulnerability only affects PostgreSQL 9.X. Users of Postgres 8.X are safe from that specific Denial Of Service attack.

Updating your Ubuntu server is as simple as:

    sudo apt-get update
    sudo apt-get dist-upgrade

Debian repositories do not have PostgreSQL 9.1.9, but are expected to be updated soon.

This vulnerability is very serious and can be exploited trivially via OpenERP even if your database server is not listening on a public interface (and even if you use --db-filter)! Attackers can use it to remotely crash your databases in a way that will require a manual fix or a restore from backup.

We are considering releasing a security update for OpenERP to prevent exploiting the vulnerability even on unpatched PostgreSQL versions.

Note: It is usually necessary to restart your OpenERP servers after upgrading PostgreSQL, except if you are using a version of OpenERP 7.0 dated after February 19, 2013 (see http://pad.lv/905257 for more info)

_______________________________________________
Mailing list: https://launchpad.net/~openerp-community
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~openerp-community
More help   : https://help.launchpad.net/ListHelp

